Skip to content
Lavina Jahorina

lavina-jahorina.com

Lavina Jahorina

lavina-jahorina.com

What Should You Ask Your HIPAA Hosting Provider?

Toby Lambert, April 25, 2023April 25, 2023

With the litany of HIPAA breaches caused by business associates/IT vendors in the news lately, covered entities need to be more proactive when it comes to vetting their HIPAA hosting provider.

Protecting confidential patient health information and preventing a HIPAA violation should be the top IT goal of all healthcare organizations HIPAA Service, individual providers and software vendors. But hosting your critical data and applications with a provider requires trust and confidence in their ability to meet HIPAA compliance requirements.

What questions should you, as covered entity, ask your HIPAA hosting provider?

Have you been independently audited by a Certified HIPAA Practitioner (CHP) and Certified HIPAA Security Specialist (CHSS)? To verify your data center operator and hosting solutions are truly HIPAA compliant, they need to be 100% compliant across all 54 HIPAA citations and 136 audited components. Although covered entities need to assess their own policies and procedures to become HIPAA compliant, partnering with a HIPAA compliant IT vendor will greatly improve your chances of passing a HIPAA audit.

What particular IT services meet HIPAA compliant security standards for protecting PHI? Your HIPAA hosting provider should be able to answer this question with specific answers that detail recommended IT services – a private firewall, either virtual or dedicated, with VPN for remote access; data encryption following NIST standards; separate database and web servers for production, etc.

Do you have documented policies and procedures? Make sure you know your hosting provider’s policies when it comes to a data breach – they are required by law as a BA (Business Associate) to notify covered entities in a timely manner, and covered entities are required to notify affected individuals within 10 days. Not following these deadlines and procedures can result in costly lawsuits.

Are your employees trained? The recent military healthcare contractor HIPAA violation was attributed to an employee transporting PHI off of government property and leaving backup tapes unattended in the trunk of a car. The recent lawsuit states that their employees were either not properly trained or completely untrained in HIPAA compliant security procedures. HIPAA requires all employees to be trained in the proper security practices, including policies, physical security, logical security, risk response and reporting, passwords/workstation use, data protection and more.

Do you have a thorough BAA (Business Associates Agreement) with documented and communicated policies? Under HIPAA’s standards for penalties, the lack of a BAA implies negligence, which may fall under Willful Neglect – fines ranging from $10,000 to $50,000 for each incident and potential criminal charges. A BAA can also be valuable to define how the data is handled after service termination; a sample BAA from HHS.gov includes a provision requiring the BA to return or destroy all PHI received from the covered entity, emphasizing that the BA shouldn’t keep any copies of the PHI. If you don’t sign a well-thought out BAA with your hosting provider, they can potentially keep your data on file long after you leave them.

Opinion

Post navigation

Previous post
Next post

Leave a Reply Cancel reply

You must be logged in to post a comment.

Categories

Archives

Recent Posts

  • Black Lab Jacket for Mens

  • Shorts Men’s Cargo

  • Best Place to Buy Slim Fit Bomber Jacket Mens

  • What Short Should Men Wear?

  • Long Camo Jacket for Men’s

  • Top 10 Best Hot Pink Braided Fishing Line Comparison

  • Men Denim Jacket

  • Sports Jackets for Men on Sale

  • Men Pullover Sweaters

  • Top 10 Best Fishing Reel Lighter Comparison

  • Men’s Prologue Field Jackets

  • Top 10 Best Cooking Trivets Comparison

  • Top 10 Best Fly Fishing Reel 9/10 Comparison

  • Lavina Jahorina: Top 10 Original S.W.A.T. Men Boots [ Winter 2018 ]: Original S.W.A.T. Men's Classic 9 Inch Tactical

  • Jean Jacket Men’s Amazon

  • Top 10 Best Used 50 Fishing Reel Comparison

  • Mens Colorful Shorts

  • Top 10 Best Memory Card Images Comparison

  • H and H Bomber Jacket Mens

  • Carhartt Canvas Jackets Men

  • Nasa Bomber Jackets Mens

  • Top 10 Best Trivet Frame 6 X 6 Comparison

  • Top 10 Best Error: Cannot Open .git/fetch_head: Permission Denied Comparison

  • Top 10 Best Type Of Trivet To Protect Granite Countertops Comparison

  • How To Schedule A Report

  • This Young Man Filled His Life With Love — And Was Killed For It

  • Men Soft Short

  • Men’s Hooded Canvas Jackets

  • Nike Shoes Infant Girls

  • Top 10 Best Trivets For Coffee Maker Comparison

©2025 Lavina Jahorina | WordPress Theme by SuperbThemes